ECSA/ LPT EC Council Module XXIX EC - Council Physical Security Penetration Testing Penetration Testing Penetration Testing Roadmap Start Here Information Vulnerability External Gathering Analysis Penetration Testing Fi ll Router and Internal Fi rewa ll Penetration Testing Router and Switches Penetration Testing Internal Network Penetration Testing IDS Penetration Testing Wireless Network Penetration Testing Denial of Service Penetration Testing Password Cracking Stolen Laptop, PDAs and Cell Phones Social Engineering Application Cont’d EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Penetration Testing Penetration Testin g Penetration Testing Penetration Testin g Penetration Testing Roadmap (cont ’ d) (cont d) Cont’d Physical Security Database Pii VoIP PiTi Security Penetration Testing P enetrat i on test i ng P enetrat i on T est i n g Vi d Vi rus an d Trojan Detection War Dialing VPN Penetration Testing Log Management Penetration Testing File Integrity Checking Blue Tooth and Hand held Device Penetration Testing Telecommunication And Broadband Communication Email Security Penetration Testin g Security Patches Data Leakage Penetration Testing End Here EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Communication Penetration Testing g Penetration Testing Penetration Testing Physical Attacks Firewalls cannot be a deterrent against physical intrusions Firewalls cannot be a deterrent against physical intrusions . Information assets cannot be safeguarded if proper physical security measures are not in place. Attackers/intruders can copy all important password files to a floppy disk. Boot the computer using USB drives and mirror the hard disk in Apple ’ s iPod EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited in Apple s iPod . Steps in Conducting Physical Security Penetration Testing 1 • Map the possible entrances Security Penetration Testing 2 • Map the physical perimeter 3 • Penetrate locks used by the gates, door and closets 4 • Overviewing from outside 5 • Penetrate server rooms, cabling, and wires 6 • Attempt lock picking techniques 7 • Fire detection systems 8 • Air conditioning systems 9 • Electromagnetic interception EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited 10 • Test if the company has a physical security policy Steps in Conducting Physical Security Penetration Testing (cont ’ d) 11 • Physical assets Penetration Testing (cont d) 12 •Risk test 13 • Test if any valuable paper document is kept at the facility 14 • Check how these documents are protected 15 • Employee access 16 • Test for radio frequency ID (RFID) 17 • Physical access to facilities 18 • Documented process 19 • Test people in the facility EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited 20 • Who is authorized? Steps in Conducting Physical Security Penetration Testing (cont ’ d) 21 • Test fire doors Penetration Testing (cont d) 22 • Check for active network jacks in meeting rooms 23 • Check for active network jacks in the company lobby 23 24 • Check for sensitive information lying around meeting rooms • Check for receptionist/guard leaving lobby 25 Check for receptionist/guard leaving lobby 26 • Check for accessible printers at the lobby – print test page Ob i h / l li i f h l bb i i 27 • Ob ta i n p h one / personne l li st i ng f rom t h e l o bb y recept i on i st 28 • Listen to employee conversation in communal areas/cafeteria EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited 29 • Can you enter the ceiling space and enter secure rooms? Steps in Conducting Physical Security Penetration Testing (cont ’ d) 30 • Check windows/doors for visible alarm senses Penetration Testing (cont d) 31 • Check visible areas for sensitive information 32 • Try to shoulder surf users logging on 32 33 • Try to videotape users logging on • Check if exterior doors are guarded and monitored 34 Check if exterior doors are guarded and monitored 35 • Check guard patrol routines for holes in the coverage I d l d i i 36 • I ntercept an d ana l yze guar d commun i cat i on 37 • Attempt piggybacking on guarded doors EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited 38 • Attempt to use fake ID to gain access Steps in Conducting Physical Security Penetration Testing (cont ’ d) 39 • Test “after office hours” entry methods Penetration Testing (cont d) 40 • Identify all unguarded entry points 4 1 • Check for unsecure doors 4 42 • Check for unsecure windows • Attempt to bypass sensors configured on doors and windows 43 Attempt to bypass sensors configured on doors and windows 44 • Attempt dumpster diving outside the company trash area bi l f id h b ildi d if i h i i i id 45 •Use bi nocu l ars f rom outs id e t h e b u ildi ng an d see if you can v i ew w h at i s go i ng on i ns id e 46 • Use active high frequency voice sensors to hear private conversation among company staff EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited 47 • Dress as a FedEx/UPS employee and try to gain access to the building Step 1: Map the Possible Entrances Entrances Locate different ways people can enter the premises: • Through doors •Throu g h windows premises: g • Fire exits EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited [...]... Following Physical access to facilities Physical access to secure areas within facilities Physical Ph i l access t computing resources ( to ti (e.g., workstations, laptop computers) Physical access to p p records y paper EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Step 10: Test if the Company has y y y a Physical Security Policy Without a physical security. .. security policy, there are no formal requirements for what is to be done to physically secure the company An employee will not necessarily know what to do from a physical security perspective EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Step 11: Physical Assets Assess the value of physical assets (e.g., computers, equipment, proprietary i f i information)... the data present in RFID tag EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Step 17: Physical Access to Facilities Test how physical access to facilities p y is controlled for employees, contractors, visitors, etc What physical security measures exist at the perimeter or when entering the facilities? g EC-Council Copyright © by EC-Council All Rights Reserved... EC-Council All Rights Reserved Reproduction is Strictly Prohibited Step 15: Employee Access Employee access to sensitive facilities in the organization should be restricted The physical security measure related to personnel security should be in place EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Step 16: Test for Radio Frequency ID (RFID) Use RFDump tool...Step 2: Map the Physical Perimeter Draw the map of a physical perimeter of the target Identify the following: • • • • • • EC-Council Doors used Types of windows used Ceiling strength Basement Access policies Types of locks used Copyright... equipment, proprietary i f i information) of the company i ) f h EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Step 12: Risk Test The risk associated with physical security at a given facility is largely dependent on the value of the items inside the facility EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Step 13:... sure you use an AP device that is not easy for anyone in the organization to detect Make sure that you mark the jack with your own code This will help you to prove that you have indeed breached the physical security and entered in the work area Identify the active network jacks that are not in use and secure them EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited... in safes, lockers, and so on EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Step 14: Check how these Documents are Protected How are they protected? What physical access measures have been taken to prevent unauthorized access to paper documents? Are sensitive paper documents shredded before they are thrown away? What would the impact be to the company if... identifies them at all times EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Step 20: Who is Authorized? Test if current list of individuals authorized to physically access the facilities exist? Is this list periodically reviewed and purged so that any inactive or terminated personnel’s access is removed? EC-Council Copyright © by EC-Council All Rights Reserved... procedures within the company EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Step 8: Air Conditioning Systems Check the air conditioning systems for possible penetration attempts Investigate the air condition ducts and check for ways of hiding g y g information devices EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited . LPT EC Council Module XXIX EC - Council Physical Security Penetration Testing Penetration Testing Penetration Testing Roadmap Start Here Information Vulnerability External Gathering Analysis Penetration Testing Fi. and Internal Fi rewa ll Penetration Testing Router and Switches Penetration Testing Internal Network Penetration Testing IDS Penetration Testing Wireless Network Penetration Testing Denial of Service Penetration. Prohibited Penetration Testing Penetration Testin g Penetration Testing Penetration Testin g Penetration Testing Roadmap (cont ’ d) (cont d) Cont’d Physical Security Database Pii VoIP PiTi Security Penetration